Encoding method for carrying out cryptographic operations.



Technical field 

The invention relates to an encryption method as disclosed in the introductory
part of Claim 1 wherein at least one cryptographic sub-operation $y_i = f_i(x_i, k_i)$ is
performed on data $x_i$, $k_i$ which are digitally stored as data bit words, the relevant result
or intermediate results $y_i$ being digitally stored or buffered as data bit words. The invention
also relates to an encryption device as disclosed in the introductory part of Claim 8 which
includes a processor and registers $R_i$, the processor performing at least one cryptographic
sub-operation $y_i = f_i(x_i, k_i)$ on operands $x_i$, $k_i$ which are digitally stored as data bit
words in the registers $R_i$ of the encryption device, the relevant result or intermediate results
$y_i$ being digitally stored or buffered as data bit words in the registers $R_i$ of the encryption
device.

State of the art

Cryptographic operations are carried out in many data processing apparatus so
as to protect the operation of such apparatus or the data transported in the apparatus. The
arithmetic operations required for this purpose are carried out by standard processors as well
as by dedicated crypto processors. A typical example of the latter processor is formed by a chip
card or an IC card. As is shown in Fig. 1, for such cryptographic calculations it is often
necessary to initialize relevant storage sections or registers of the data processing apparatus
with operands $x_i$, $k_i$. During the $i$-th calculation intermediate results $y_i$ are possibly
stored in storage sections or registers $R_i$, or subsequently the result of the calculation is
stored in storage sections or registers for further processing. The register $R_i$ is situated
between a preceding $i$-th cryptographic calculation and a subsequent $(i+1)$-th cryptographic
operation. The data $x_i$, $k_i$ or intermediate results $y_i$ used in this context customarily
constitute security-relevant information such as, for example, cryptographic keys or operands.

In order to calculate the cryptographic algorithms the data processing
apparatus form logic combinations of operands $k_i$ or intermediate results $y_i$ or $x_i$,
$x_{i+1}$. Depending on the technology used, such operations, notably the loading of the storage
sections or registers with data, lead to an increased current consumption of the data
processing apparatus. In the case of complementary logic, for example CMOS, an increase of
the current consumption occurs when the value of a bit storage cell changes, i.e. when its
value changes from "0" to "1" or from "1" to "0". The increase of the consumption is then
dependent on the number of bit positions changed in the memory or register. In other words,
the loading of a previously erased register causes an increase of the current consumption
which is proportional to the Hamming weight of the operand (= number of bits having the
value "1") or to the difference in the Hamming weight. Analysis of such a current variation
could thus enable extraction of information concerning the operations executed, thus enabling
successful crypto analysis of secret operands such as, for example, cryptographic keys. For
example, in the case of very small signal variations, adequate information could be extracted
by carrying out a plurality of current measurements on the data processing apparatus. On the
other hand, a plurality of measurements could also enable a possibly required differentiation.
This type of crypto analysis is also called "Differential Power Analysis" whereby an outsider
could successfully perform a possibly unauthorized crypto analysis of the cryptographic
operations, algorithms, operands or data purely by observing changes in the current
consumption of the data processing apparatus.

From US 5,297,201 it is known to combine a high frequency radiating 
computer with a device which also radiates high frequency similar to that of the computer. As 
a result, unauthorized third parties can no longer decode the high-frequency radiated by the 
computer. This system, however, cannot prevent crypto analysis by a third party having 
direct access to the computer. 

In order to eliminate a correlation in chip cards between the output of a result 
of a cryptographic operation or a transfer of key information for a cryptographic operation 
and the cryptographic operation itself, it is known from Patent Abstracts of Japan 10069222 A 
to delay the result of the cryptographic operation or the transfer of the key information for the 
cryptographic operations. However, this system can also be analyzed by way of Differential 
Power Analysis, because the delayed data transfer also becomes apparent in the current 
consumption of the data processing apparatus.

Implementation of the invention, object, solution, advantages

It is an object of the present invention to provide an improved method and an 
improved device of the kind set forth which eliminate the described drawbacks and 
effectively prevent crypto analysis by observation of current consumption of a data 
processing apparatus. 

This object is achieved by a method of the kind set forth which is
characterized as disclosed in Claim 1.

To this end, according to the invention at option at least one of the data $x_i$, $k_i$
and/or the result or at least one intermediate result $y_i$ is bit-wise complemented to
$\overline{y} = f(\overline{x_i}, \overline{k_i})$ and/or $\overline{y_i}$ or not, depending on a
control signal $r_i$ which is based on random numbers.

This offers the advantage that other bit series are processed or stored in the
case of repeated execution of the same cryptographic operation, so that the respective
execution of a cryptographic operation or several cryptographic operations produce different
current variations in the data processing apparatus. Irrespective of the actual value of the
sub-results, in the case of repeated execution of the overall calculation it is thus achieved
that each data path changes the same number of times from "0" to "0", from "0" to "1", from "1"
to "0" and from "1" to "1" in the case of a pure random number series or practically the same
number of times in the case of a pseudo-random number series. However, because the control
signal $r_i$ based on random numbers is not known or predetermined, there will be no
correlation between the current variations and the bit values of the data and results, so that
Differential Power Analysis no longer leads to successful crypto analysis. In other words, the
mean current consumption of the overall operation does not contain usable information
concerning the sub-operands or intermediate results used in the sub-operations.

Advantageous further versions of the method are disclosed in the Claims 2 to 7.

Preferably, one or more XOR combinations (EXCLUSIVE-OR combinations)
are formed during the cryptographic sub-operations.

The data contain, for example, cryptographic keys and/or operands.

In a preferred version intermediate results $y_i$ are buffered in a register $R_i$
between the execution of successive cryptographic sub-operations and are used as an operand
$x_{i+1}$ for the subsequent cryptographic sub-operations.

In order to form an original, non-inverted value after each sub-operation, a bit
series $x_{i+1} = y_i$ derived from the intermediate result $y_i$ of a preceding sub-operation $i$
is bit-wise complemented to $\overline{x_{i+1}}$ for a subsequent sub-operation $i+1$ if the data
$x_i$, $k_i$ of the preceding sub-operation $i$ were bit-wise complemented.

In a particularly advantageous version at least one bit value, notably the even
bit values, the odd bit values or all bit values, of a data bit word $x_i$, $k_i$ or $y_i$ are
inverted during the bit-wise complementary operation. It is then particularly advantageous to
perform an inversion of bit values or bit addresses of a data bit word $x_i$, $k_i$ or $y_i$ by
means of an XOR operation (EXCLUSIVE-OR operation) during the bit-wise complementary operation.

A device of the kind set forth according to the invention is provided with at
least one inverter which can be controlled by a control signal $r_i$ and serves for at least one
of the data $x_i$, $k_i$ and/or the result or at least one intermediate result $y_i$, with a
random number generator which generates random numbers, as well as with a device for generating
the control signal $r_i$ on the basis of the random numbers, the controllable inverter either, in
dependence on the control signal $r_i$, converting the bit series $x_i$, $k_i$ or $y_i$ into their
bit-wise complement $\overline{x_i}$, $\overline{k_i}$ and $\overline{y_i}$, respectively, or
leaving them unchanged.

This offers the advantage that other bit sequences are processed or stored in
the case of repeated execution of the same cryptographic operation, so that other current
variations occur in the data processing apparatus during the respective execution of the
cryptographic operation or cryptographic operations. Irrespective of the actual value of the
sub-results, in the case of repeated execution of the overall calculation it is thus achieved that
each data path changes the same number of times from "0" to "0", from "0" to "1", from "1"
to "0" and from "1" to "1" in the case of a pure random number series or practically the same
number of times in the case of a pseudo-random number series. However, because the control
signal $r_i$ based on random numbers is not known or predetermined, there will be no
correlation between the current variations and the bit values of the data and results, so that
Differential Power Analysis no longer leads to successful crypto analysis. In other words, the
mean current consumption of the overall operation does not contain usable information
concerning the sub-operands or intermediate results used in the sub-operations.

Advantageous further embodiments of the device are described in the Claims 9 to 14.

In a preferred embodiment at least one register $R_i$ is succeeded by an inverter
which receives the same control signal $r_i$ as the inverter for the data $x_i$, $k_i$ which
precedes the $i$-th sub-operation. The inverter succeeding a register $R_i$ of the $i$-th
sub-operation is preferably combined with an inverter for input data $x_{i+1}$ which precedes the
subsequent $(i+1)$-th sub-operation. The combined inverter preferably receives the control signal
$r_i$ of the preceding $i$-th sub-operation as well as the control signal $r_{i+1}$ of the
subsequent $(i+1)$-th sub-operation.

The data contain, for example, cryptographic keys and/or operands. 

In a preferred embodiment a register $R_i$ stores an intermediate result $y_i$ of the
preceding $i$-th sub-operation between a preceding sub-operation and a subsequent $(i+1)$-th
sub-operation and forwards this intermediate result as an input value $x_{i+1}$ to the subsequent
$(i+1)$-th sub-operation.

Preferably, the bit-wise complementary operation inverts at least one bit value,
notably the even bit values, the odd bit values or all bit values, of a data bit word $x_i$,
$k_i$ or $y_i$.

Brief description of the drawings

The invention will be described in detail hereinafter with reference to the 
accompanying drawings. Therein: 

Fig. 1 shows a flow chart of a part of a cryptographic operation according to
the state of the art,

Fig. 2 shows a flow chart of a part of a first preferred version of a
cryptographic operation according to the invention, and

Fig. 3 shows a flow chart of a part of a second preferred version of a
cryptographic operation according to the invention.

Preferred implementation of the invention

In the first preferred version of an encryption method according to the
invention as shown in Fig. 2 a cryptographic overall operation is performed by way of a
chain of sub-operations $f_i(x_i, k_i)$ in which one or more logic XOR (EXCLUSIVE OR)
combinations are formed. The Figure shows two sub-operations, i.e. the $i$-th sub-operation 10
and the $(i+1)$-th sub-operation 12, each sub-operation being executed by an arithmetic unit.
Each sub-operation 10, 12 is succeeded by a storage cell or a register $R_i$ 14 and a storage cell
or a register $R_{i+1}$ 16, respectively. Each sub-operation 10, 12 has as its input value data
$x_i$, $x_{i+1}$ as well as an operand $k_i$, $k_{i+1}$, both being available as data bit words.
Each sub-operation 10, 12 is preceded by a respective controllable inverter 18
and 20 for the data $x_i$, $x_{i+1}$, respectively, as well as by a controllable inverter 22, 24
for the operands $k_i$, $k_{i+1}$. Furthermore, for each sub-operation 10, 12 the relevant register
$R_i$ 14 and $R_{i+1}$ 16 is succeeded by a controllable inverter 26, 28 for the intermediate
result $y_i$, $y_{i+1}$, said intermediate result being propagated by the relevant register $R_i$
14 and $R_{i+1}$ 16 to a subsequent sub-operation 12 as input data $x_{i+1}$ and $x_{i+1}$,
respectively. The inverters 18 to 28 can be controlled by a control signal $r_i$ and $r_{i+1}$,
respectively, in such a manner that at option they bit-wise complement the associated data bit
words or not, depending on the relevant control signal $r_i$ and $r_{i+1}$, respectively. All
inverters 18, 22, 26 and 20, 24, 28 of a sub-operation 10 and 12, respectively, then receive the
same control signal $r_i$ and $r_{i+1}$, respectively. In other words, the decision whether an
inversion of the relevant input values of the inverters 18 to 28 is performed or whether the input
values traverse the inverters 18 to 28 in non-processed form is taken by the additional control
signal $r_i$ and $r_{i+1}$, respectively. This arrangement of registers 14, 16 between
sub-operations 10, 12 is used particularly when the sub-operations 10, 12 are calculated
successively in time by one and the same unit so that the sub-results must be buffered.

The control signal is controlled by random values from a random generator in
such a manner that, depending on the value of the random numbers, the sub-operation yields
either the original result $y = f(x,k)$ or the bit-inverted result
$\overline{y} = \overline{f(x,k)}$. It is thus achieved that the calculation as well as the
storage of the data in the registers $R_i$ 14, 16 takes place either by way of original values or
bit-inverted values. In the case of repeated execution of the overall calculation it is thus
achieved that each data path changes over the same number of times from "0" to "0", from "0" to
"1", from "1" to "0" and from "1" to "1", irrespective of the actual value of the sub-results.
The mean current consumption of the overall operation, consequently, does not contain useful
information concerning the sub-operands $k_i$ or intermediate results $y_i$ involved in the
sub-operations 10, 12. The inverter 26, 28 succeeding the registers 14, 16 restores the original,
non-inverted value again for the next sub-operation 12.

The second preferred version of the encryption method according to the
invention as shown in Fig. 3 corresponds to the first version shown in Fig. 2, the only
difference being that the inverters 26, 28 succeeding the registers 14, 16 are combined with
the respective input inverter 20 of the next stage 12 so as to form an inverter 30.

The inverters invert, for example, only a part of the bit values of the relevant
data bit word. For example, only the even or the odd bit words or bit addresses are inverted.
The bit values are inverted, for example, by means of an XOR (EXCLUSIVE OR) operation.
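
The first preferred version (Fig. 2), modelled as an added simulation that is not part of the original patent text: it checks that the chain result is unchanged by the random inversion and that the Hamming weight loaded into each register, averaged over the control signal, no longer depends on the data. Assumptions: 8-bit words, each sub-operation is a single XOR, only the data input $x_i$ (not the operand $k_i$) passes through the input inverter so that the register holds $y_i$ or its complement, and all names and sample values are constructed.

```python
import secrets

WIDTH = 8                      # assumed data bit word width
MASK = (1 << WIDTH) - 1        # all-ones word: XOR with it inverts every bit

def hw(word):
    """Hamming weight: number of set bits, the quantity a register load leaks."""
    return bin(word).count("1")

def inverter(word, r):
    """Controllable inverter: bit-wise complement when control bit r is 1."""
    return word ^ (MASK if r else 0)

def run_chain(x, keys, controls):
    """Run the chain of XOR sub-operations y_i = x_i ^ k_i.

    Returns (final result, list of words actually written to the registers R_i).
    """
    stored = []
    for k, r in zip(keys, controls):
        y_reg = inverter(x, r) ^ k      # input inverter, then sub-operation f_i
        stored.append(y_reg)            # R_i holds y_i or its complement
        x = inverter(y_reg, r)          # inverter after R_i restores x_{i+1} = y_i
    return x, stored

def mean_register_weight(x, keys, stage):
    """Average Hamming weight written to R_stage over both values of r_stage."""
    total = 0
    for r in (0, 1):
        controls = [0] * len(keys)
        controls[stage] = r
        total += hw(run_chain(x, keys, controls)[1][stage])
    return total / 2

if __name__ == "__main__":
    keys = [0x3C, 0xA5]                              # constructed sample operands
    controls = [secrets.randbits(1) for _ in keys]   # fresh random r_i per run
    for x in (0x3C, 0x0F, 0xC3):                     # constructed sample data
        _, regs_plain = run_chain(x, keys, [0] * len(keys))
        result, _ = run_chain(x, keys, controls)
        means = [mean_register_weight(x, keys, s) for s in range(len(keys))]
        print(f"x={x:#04x} result={result:#04x} "
              f"unprotected HW={[hw(w) for w in regs_plain]} mean protected HW={means}")
```

Without inversion the first register's Hamming weight runs from 0 to 8 across the three sample inputs; with the random control signal its mean is WIDTH/2 for every input.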



